Manx cms.xml 1.0.1 (ajax_get_file_listing.php) Multiple XSS Vulnerabilities

Medium
Advisory ID
ZSL-2011-5058
Release Date
28 November 2011
Vendor
Affected Version
1.0.1
CVE
N/A
Tested On
Microsoft Windows XP Professional SP3 (EN), Apache 2.2.21, MySQL 5.5.16, PHP 5.3.8
Summary

Manx is a Content Management System that uses XML text files to store the page contents instead of a MySQL database.

Description

Input passed through the GET parameters 'limit' and 'search_folder' in 'ajax_get_file_listing.php' is not sanitized, allowing an attacker to execute HTML code in a user's browser session on the affected site.
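
One way to handle the two parameters so that neither reaches the response unvalidated or unencoded, shown as an added example: it is not Manx code and not the vendor's patch. The function names, the integer range for 'limit' and the character set allowed in 'search_folder' are assumptions.

```php
<?php
// Added example: hypothetical hardened handling of the two GET parameters
// named in the advisory. Not taken from Manx or from the vendor's patch.

// Assumption: 'limit' is meant to be a small positive integer.
function clean_limit($raw, $default = 20, $max = 500)
{
    $n = filter_var($raw, FILTER_VALIDATE_INT,
        array('options' => array('min_range' => 1, 'max_range' => $max)));
    // Anything that is not an integer in range falls back to the default.
    return ($n === false || $n === null) ? $default : $n;
}

// Assumption: 'search_folder' is a relative folder path made only of
// letters, digits, '_', '-', '.' and '/'.
function clean_folder($raw)
{
    if (!is_string($raw) || !preg_match('#\A[A-Za-z0-9_./-]{1,255}\z#', $raw)) {
        return null;
    }
    // Refuse parent-directory references as well.
    if (strpos($raw, '..') !== false) {
        return null;
    }
    return $raw;
}

// Encode for an HTML context at the point of output, even after validation.
function h($s)
{
    return htmlspecialchars((string) $s, ENT_QUOTES, 'UTF-8');
}

// Constructed sample requests: one well-formed, one carrying markup.
$samples = array(
    array('limit' => '25', 'search_folder' => 'images/gallery'),
    array('limit' => '"><b>x</b>', 'search_folder' => '<i>markup</i>'),
);
foreach ($samples as $get) {
    $limit  = clean_limit($get['limit']);
    $folder = clean_folder($get['search_folder']);
    if ($folder === null) {
        // The rejected value is still encoded before it is echoed back.
        echo "rejected search_folder: " . h($get['search_folder']) . "\n";
        continue;
    }
    echo "listing " . h($folder) . " (limit " . $limit . ")\n";
}
```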

Proof of Concept
Disclosure Timeline
03.12.2011: Vendor releases patch (http://manx.jovascript.com/downloads.php).
Credits
Vulnerability discovered by Gjoko Krstic
References
Changelog
28.11.2011: Initial release
29.11.2011: Added reference [1] and [2]
30.11.2011: Added reference [3]
01.12.2011: Added reference [4], [5], [6] and [7]
03.12.2011: Added vendor status